A 24-year-old British man has pleaded guilty in the United States to participating in a large-scale cybercrime operation that targeted companies and individuals across America, stealing at least $8 million (£5.9 million) in cryptocurrency through phishing attacks.
Tyler Buchanan, from Dundee, admitted to conspiring to hack the systems of at least a dozen organisations and using stolen credentials to access sensitive accounts. The US Department of Justice said Buchanan and his associates relied on SMS phishing campaigns, sending deceptive text messages to employees of technology, telecommunications, entertainment, and cryptocurrency firms. The messages directed recipients to fraudulent websites designed to harvest login details, including usernames and passwords.
Prosecutors said the scheme operated between September 2021 and April 2023. During that period, the group allegedly sent hundreds of targeted messages, gaining unauthorised access to corporate systems and personal accounts. Once inside, they extracted confidential data and used it to facilitate the theft of digital assets from victims across the United States.
Investigators found further evidence during a search of Buchanan’s home in Scotland. A digital device reportedly contained lists of names and addresses, along with cryptocurrency seed phrases and login credentials linked to victims. Authorities say these materials were directly connected to the stolen funds.
Buchanan has been held in US federal custody since April 2025. He pleaded guilty to conspiracy to commit wire fraud and aggravated identity theft. He is scheduled to be sentenced on 21 August and faces a maximum prison term of 22 years.
US authorities also linked Buchanan to a wider network of cybercriminals associated with the group known as Scattered Spider. In 2023, he and four American co-defendants were charged in connection with the operation. One of them, 21-year-old Noah Michael Urban, previously pleaded guilty to multiple fraud offences and is now serving a 10-year prison sentence along with a restitution order exceeding $13 million.
The Department of Justice said investigations into the broader network remain ongoing, with additional suspects in the United States still facing charges.
Cybersecurity officials have described the case as part of a growing trend of socially engineered attacks that exploit human error rather than technical vulnerabilities. The FBI continues to examine related incidents as authorities work to dismantle the remaining elements of the group’s operations.
